Hi Qubes fellows,On reading content on 2FA, and Qubes doc on MFA, there is something confuse me, so I'd like to understand better by posting here:One type of OTP,a TOTP used widely like google authenticator, bases on a shared secret key,since key can be seen in mail box, it's not quite safe, is it saved in mail box as well?(does it also travel on internet? which makes it even worse?)a U2F software can do it's work without this app, so it doesn't look like a good choice.If this is the case, why so many web mail even some promising ones still chose google-authenticator as 2FA?Although gmail itself can add yubikey as enhence for TOTP, I don't see how that's safer.because with or without press the yubikey button, an U2F software can generate same 6-digit-number as password to enter here.Today most of webmails would say they use 2FA, but not introduce in detailswhich protocol it uses. some claim it use yubikey, so is OTP here that use key pair instead ofthe shared secret key? which is muc h better.I don't find many webmail use Yubikey as 2FA on OTP,if any of you find something is rather reliable,recommend very welcome, thanks a lot.
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/201902132114.x1DLE1Um023591%40api2.scryptmail.com. For more options, visit https://groups.google.com/d/optout.
